[PHP-BUG] Bug #63219 [NEW]: Segfault when aliasing trait method when autoloader throws excpetion

maciej dot sz at gmail dot com Thu, 04 Oct 2012 11:44:16 -0700

From:             maciej dot sz at gmail dot com
Operating system: 3.2.0-31-generic #50-Ubuntu
PHP version:      5.4Git-2012-10-04 (snap)
Package:          Reproducible crash
Bug Type:         Bug
Bug description:Segfault when aliasing trait method when autoloader throws 
excpetion


Description:
------------
Class contains "use" statement of a trait. Method alias statement for that
trait contains a typo in the trait name. The autoloader throws exception
and then the segfault occurs.

(gdb) p zend_fetch_class(cur_method_ref->class_name,
cur_method_ref->cname_len, 14)
$5 = (zend_class_entry *) 0x0

Test script:
---------------
---------------
file TFoo.php

<?php
trait TFoo
{
    public function fooMethod(){}
}

---------------
file C.php

<?php
class C
{
    use TFoo {
        TFoooo::fooMethod as tf; // typo
    }
}


----------------
file index.php

<?php
set_include_path(
    realpath(__DIR__ . '/..') . PATH_SEPARATOR . get_include_path()
);

spl_autoload_register(function($cname){
    $fname = $cname . '.php';
    if ( ! stream_resolve_include_path($fname) ) {
        throw new \Exception('could not load');
    }
    include $fname;
});

$C = new C();

Expected result:
----------------
zend_error(E_ERROR, "Cannot alias method of a trait not inclued in use
statement");

This should occur prior to autoloading.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000009863c8 in _zend_is_inconsistent (ht=0x28, 
    file=0xfb0948 "/home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c",
line=969)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c:54
54              if (ht->inconsistent==HT_OK) {



(gdb) bt
#0  0x00000000009863c8 in _zend_is_inconsistent (ht=0x28, 
    file=0xfb0948 "/home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c",
line=969)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c:54
#1  0x00000000009890f5 in zend_hash_exists (ht=0x28, arKey=0x7ffff7fc5aa0
"foomethodd", nKeyLength=11)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_hash.c:969
#2  0x0000000000952839 in zend_traits_init_trait_structures
(ce=0x7ffff7fc5108)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_compile.c:4037
#3  0x0000000000953a4a in zend_do_bind_traits (ce=0x7ffff7fc5108)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_compile.c:4370
#4  0x00000000009b79ee in ZEND_BIND_TRAITS_SPEC_HANDLER
(execute_data=0x7ffff7f88500)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:1027
#5  0x00000000009b42f6 in execute (op_array=0x7ffff7fc0da8)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:410
#6  0x00000000009639b8 in zend_call_function (fci=0x7fffffffa1a0,
fci_cache=0x7fffffffa1f0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:958
#7  0x00000000009956b5 in zend_call_method (object_pp=0x0, obj_ce=0x0,
fn_proxy=0x7ffff7fc41e0, 
    function_name=0x7ffff7fc17f8 "closure::__invoke\001",
function_name_len=22, 
    retval_ptr_ptr=0x7fffffffa2e0, param_count=1, arg1=0x7ffff7fbf5d0,
arg2=0x0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_interfaces.c:97
#8  0x00000000007a087c in zif_spl_autoload_call (ht=1,
return_value=0x7ffff7fc40d8, 
    return_value_ptr=0x7fffffffa728, this_ptr=0x0, return_value_used=1)
    at /home/maciek/Downloads/php-5.4.7/ext/spl/php_spl.c:436
#9  0x0000000000963b92 in zend_call_function (fci=0x7fffffffa670,
fci_cache=0x7fffffffa6c0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:980
#10 0x0000000000964520 in zend_lookup_class_ex (name=0x7ffff7eb72f8
"bar\\C", name_length=5, 
    key=0x7ffff7fc24d8, use_autoload=1, ce=0x7fffffffa7c0)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:1127
#11 0x0000000000965230 in zend_fetch_class_by_name
(class_name=0x7ffff7eb72f8 "bar\\C", 
    class_name_len=5, key=0x7ffff7fc24d8, fetch_type=4)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_execute_API.c:1607
#12 0x00000000009b8690 in ZEND_FETCH_CLASS_SPEC_CONST_HANDLER
(execute_data=0x7ffff7f880e8)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:1173
#13 0x00000000009b42f6 in execute (op_array=0x7ffff7fc04c8)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_vm_execute.h:410
#14 0x0000000000976e13 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend.c:1286
#15 0x00000000008e9732 in php_execute_script (primary_file=0x7fffffffce40)
    at /home/maciek/Downloads/php-5.4.7/main/main.c:2473
#16 0x0000000000abfa95 in do_cli (argc=2, argv=0x7fffffffe228)
    at /home/maciek/Downloads/php-5.4.7/sapi/cli/php_cli.c:988
#17 0x0000000000ac0bce in main (argc=2, argv=0x7fffffffe228)
    at /home/maciek/Downloads/php-5.4.7/sapi/cli/php_cli.c:1364



(gdb) f 2
#2  0x0000000000952839 in zend_traits_init_trait_structures
(ce=0x7ffff7fc5108)
    at /home/maciek/Downloads/php-5.4.7/Zend/zend_compile.c:4037
4037                                    method_exists =
zend_hash_exists(&cur_method_ref->ce->function_table,



(gdb) p *cur_method_ref 
$1 = {method_name = 0x7ffff7fc1558 "fooMethod", mname_len = 10, ce = 0x0, 
  class_name = 0x7ffff7fc5798 "foo\\TFooo", cname_len = 9}



(gdb) p zend_fetch_class(cur_method_ref->class_name,
cur_method_ref->cname_len, 14)
$2 = (zend_class_entry *) 0x0

-- 
Edit bug report at https://bugs.php.net/bug.php?id=63219&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=63219&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=63219&r=trysnapshot53
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=63219&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=63219&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=63219&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=63219&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=63219&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=63219&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=63219&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=63219&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=63219&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=63219&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=63219&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63219&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=63219&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=63219&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=63219&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=63219&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=63219&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=63219&r=mysqlcfg

[PHP-BUG] Bug #63219 [NEW]: Segfault when aliasing trait method when autoloader throws excpetion

Reply via email to